This Metasploit module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root.
35b12f162c0f93f5dcd8552c4530c13b6a4979bffe9b0558493c22aea31db7e7
UCOPIA Wireless Appliance version prior to 5.1.8 suffer from a chroot escape privilege escalation vulnerability.
4f7e58adbfdd9de93ccaebd67d649ffa90a374c7320277dc04695c119db02908
UCOPIA Wireless Appliance version prior to 5.1.8 suffer from a restricted shell escape vulnerability.
b89bf2b19931af9f45509a36fd07550ef582566bfe0c8c59bec4e7227f00f09b
SPIP versions 3.1.2 and below suffer from a server-side request forgery vulnerability.
dc168e14bb0b3787609859406eb46abb5130f843e9d1a807bf27946a599a5c1e
SPIP versions 3.1.2 and below suffer from a PHP code execution vulnerability.
8fc707c64156c47e3eeb576edeae6ae8b7c1ca5620aec6068862b998fb7cc40c
SPIP versions 3.1.2 and below suffer from file enumeration and path traversal vulnerabilities.
d2ab8b128415b09ef61ba0c89730401c75aa3f4ce322dd43fb4058ccc0950ac5
SPIP versions 3.1.2 and below suffer from a cross site scripting vulnerability.
82f26ce8d2e06a0310943f86601d4af8ea95702997bd1830df30452763eead8f
SPIP versions 3.1.2 and below suffer from a cross site request forgery vulnerability.
ac70a9fadf7bb6167051a6bc6282e4fffb3814c2ba5b4c38bd4c9d0a3de2e8c3
Centreon Web Interface versions 2.5.3 and below utilize an ECHO for logging SQL errors. This functionality can be abused for arbitrary code execution, and can be triggered via the login screen prior to authentication.
5c09582d8455d486f9a8b546afc64ba7e1c0033c02c90405893cf9e6a8d35f16
WordPress iThemes Security suffers from insecure backup and logfile generation vulnerabilities.
e3308d1fef8c8d026f085134a8bb431d3946592ebc3e93771257b503662abd8d
Netgear ReadyNAS suffers from a remote root code execution vulnerability.
da4fd8bf1cf5bd9202939593d196158f1bb0d93705398477332bb1daebc93c97
Proxmox VE versions 3 and 4 suffers from privilege escalation, code execution, and cross site scripting vulnerabilities.
377a4d6e4e3f59329037f6605c912134206657cbddc009f577acf4a0c93a7e43
Centreon versions 2.5.3 and below suffer from a remote code execution vulnerability.
3c4451947909782cb24cf03b689934f5d565641465aa23686ec6df8df29ff586